Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Advertisements

sammyW

Posted 15 June 2005 - 09:39 PM

sammyW

Member

Topic Starter

Member

44 posts

I have just finished a series of scans from, ewido, microsoft AS, panda AV, ad-aware, spybot SD, spywareblaster, TDS-3, CWShredder. I also went back into safe mode and ran the nail fix. When I restarted there was no sign of nail.exe and I did a couple more scans and nothing showed up. And then I got some messages from programs like microsoft antispyware saying that "abetterinternet" was trying to install. Now I can actually see the nail.exe as it has rejuvinated, the [bleep]! Anyhow here is the HJT log. Thank you so much for your time!

sammyW

Posted 15 June 2005 - 09:41 PM

sammyW

Member

Topic Starter

Member

44 posts

Also here is the Find-Its log.

Microsoft Windows XP [Version 5.1.2600]
The current date is: Thu 06/16/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Next, please reboot your computer in Safe Mode by doing the following:1) Restart your computer2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.3) Instead of Windows loading as normal, a menu should appear4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:

sammyW

Posted 17 June 2005 - 09:12 PM

sammyW

Member

Topic Starter

Member

44 posts

Hi UKBiker,Sorry about the wait for this HJT log, was just caught away for a bit. Really appreciate the help that you are giving me. I did the things that were in your post. However I am still not sure if me system is allowing the fix to run properly as the nail.exe is still there. Thanks for your time!

Run Process Explorer and find the Process [usqmiqz] and/or qlryav.exe r in the list of Processes.Select the process and click Process > Suspend.

Step 3

Then in HijackThis click Config > Misc Tools > Delete a file on reboot...In the explorer Window select the file

O4 - HKLM\..\Run: [usqmiqz] c:\windows\system32\qlryav.exe r

When prompted if you want to reboot click YES

Note Leave Process explorer running with the process suspended.

Step 4

After the reboot check the following items in HijackThis.

O4 - HKLM\..\Run: [usqmiqz] c:\windows\system32\qlryav.exe r

Close all windows except HijackThis and click Fix checked:

Step 5

Next, please reboot your computer in Safe Mode by doing the following:1) Restart your computer2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.3) Instead of Windows loading as normal, a menu should appear4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:

sammyW

Posted 18 June 2005 - 05:16 PM

sammyW

Member

Topic Starter

Member

44 posts

UKBike that looks great. I haven't tried it yet because I was tring to download that new nail fix, but the link takes me to the page, but the file does not exist. Would you know where else I could find this fix?
Thanks for your assistance in this matter!

sammyW

Posted 18 June 2005 - 07:38 PM

sammyW

Member

Topic Starter

Member

44 posts

Also do you know how to activate the achives checkbox in ewido. Everytime I do a scan it only gives me the option of checking binder and crypter, while archives stays grey. Not sure weather the scanner is missing some things.

How to use Spybot to remove Spyware<=If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

Spywareblaster<=SpywareBlaster will prevent spyware from being installed.

IE/Spyad<=IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.

MVPS Hosts file<=The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer

Google Toolbar<=Get the free google toolbar to help stop pop up windows.

Other necessary Programs:

AntiVirus Program<=An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.